Update README.md
This commit is contained in:
Tib3rius
GitHub
parent
fdbf760ef9
commit
5115e160b5
50
README.md
50
README.md
|
|
@ -20,20 +20,28 @@ AutoRecon was inspired by three tools which the author used during the OSCP labs
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
|
|
||||||
* Supports multiple targets in the form of IP addresses, IP ranges (CIDR notation), and resolvable hostnames.
|
* Supports multiple targets in the form of IP addresses, IP ranges (CIDR notation), and resolvable hostnames. IPv6 is supported.
|
||||||
* Can scan targets concurrently, utilizing multiple processors if they are available.
|
* Can scan multiple targets concurrently, utilizing multiple processors if they are available.
|
||||||
* Customizable port scanning profiles for flexibility in your initial scans.
|
* Advanced plugin system allowing for easy creation of new scans.
|
||||||
* Customizable service enumeration commands and suggested manual follow-up commands.
|
* Customizable port scanning plugins for flexibility in your initial scans.
|
||||||
|
* Customizable service scanning plugins for further enumeration.
|
||||||
|
* Suggested manual follow-up commands for when automation makes little sense.
|
||||||
|
* Ability to limit port scanning to a combination of TCP/UDP ports.
|
||||||
|
* Ability to skip port scanning phase by suppling information about services which should be open.
|
||||||
|
* Global and per-scan pattern matching which highlights and extracts important information from the noise.
|
||||||
* An intuitive directory structure for results gathering.
|
* An intuitive directory structure for results gathering.
|
||||||
* Full logging of commands that were run, along with errors if they fail.
|
* Full logging of commands that were run, along with errors if they fail.
|
||||||
* Global and per-scan pattern matching so you can highlight/extract important information from the noise.
|
* A powerful config file lets you use your favorite settings every time.
|
||||||
|
* A tagging system that lets you include or exclude certain plugins.
|
||||||
|
* Global and per-target timeouts in case you only have limited time.
|
||||||
|
* Three levels of verbosity, controllable by command-line options, and during scans using Up/Down arrows.
|
||||||
|
* Colorized output for distinguishing separate pieces of information. Can be turned off for accessibility reasons.
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
- Python 3
|
- Python 3
|
||||||
- `python3-pip`
|
- `python3-pip`
|
||||||
|
|
||||||
|
|
||||||
### Supporting packages
|
### Supporting packages
|
||||||
|
|
||||||
Several commands used in AutoRecon reference the SecLists project, in the directory /usr/share/seclists/. You can either manually download the SecLists project to this directory (https://github.com/danielmiessler/SecLists), or if you are using Kali Linux (**highly recommended**) you can run the following:
|
Several commands used in AutoRecon reference the SecLists project, in the directory /usr/share/seclists/. You can either manually download the SecLists project to this directory (https://github.com/danielmiessler/SecLists), or if you are using Kali Linux (**highly recommended**) you can run the following:
|
||||||
|
|
@ -109,11 +117,13 @@ See detailed usage options below.
|
||||||
AutoRecon uses Python 3 specific functionality and does not support Python 2.
|
AutoRecon uses Python 3 specific functionality and does not support Python 2.
|
||||||
|
|
||||||
```
|
```
|
||||||
usage: autorecon.py [-t TARGET_FILE] [-m MAX_SCANS] [-mp MAX_PORT_SCANS] [-c CONFIG_FILE] [-g GLOBAL_FILE] [--tags TAGS] [--exclude-tags EXCLUDE_TAGS]
|
usage: autorecon.py [-t TARGET_FILE] [-p PORTS] [-m MAX_SCANS] [-mp MAX_PORT_SCANS] [-c CONFIG_FILE] [-g GLOBAL_FILE] [--tags TAGS] [--exclude-tags EXCLUDE_TAGS]
|
||||||
[--plugins-dir PLUGINS_DIR] [-o OUTDIR] [--single-target] [--only-scans-dir] [--create-port-dirs] [--heartbeat HEARTBEAT] [--timeout TIMEOUT]
|
[--plugins-dir PLUGINS_DIR] [-o OUTDIR] [--single-target] [--only-scans-dir] [--create-port-dirs] [--heartbeat HEARTBEAT] [--timeout TIMEOUT]
|
||||||
[--target-timeout TARGET_TIMEOUT] [--nmap NMAP | --nmap-append NMAP_APPEND] [--disable-sanity-checks] [--accessible] [-v] [--version]
|
[--target-timeout TARGET_TIMEOUT] [--nmap NMAP | --nmap-append NMAP_APPEND] [--disable-sanity-checks] [--disable-keyboard-control]
|
||||||
[--curl.path VALUE] [--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}] [--dirbuster.wordlist VALUE] [--dirbuster.threads VALUE]
|
[--force-services FORCE_SERVICES [FORCE_SERVICES ...]] [--accessible] [-v] [--version] [--curl.path VALUE]
|
||||||
[--onesixtyone.community-strings VALUE] [--global.username-wordlist VALUE] [--global.password-wordlist VALUE] [--global.domain VALUE] [-h]
|
[--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}] [--dirbuster.wordlist VALUE [VALUE ...]] [--dirbuster.threads VALUE]
|
||||||
|
[--dirbuster.ext VALUE] [--onesixtyone.community-strings VALUE] [--global.username-wordlist VALUE] [--global.password-wordlist VALUE]
|
||||||
|
[--global.domain VALUE] [-h]
|
||||||
[targets ...]
|
[targets ...]
|
||||||
|
|
||||||
Network reconnaissance tool to port scan and automatically enumerate services found on multiple targets.
|
Network reconnaissance tool to port scan and automatically enumerate services found on multiple targets.
|
||||||
|
|
@ -121,9 +131,12 @@ Network reconnaissance tool to port scan and automatically enumerate services fo
|
||||||
positional arguments:
|
positional arguments:
|
||||||
targets IP addresses (e.g. 10.0.0.1), CIDR notation (e.g. 10.0.0.1/24), or resolvable hostnames (e.g. foo.bar) to scan.
|
targets IP addresses (e.g. 10.0.0.1), CIDR notation (e.g. 10.0.0.1/24), or resolvable hostnames (e.g. foo.bar) to scan.
|
||||||
|
|
||||||
optional arguments: [30/2643]
|
optional arguments:
|
||||||
-t TARGET_FILE, --targets TARGET_FILE
|
-t TARGET_FILE, --targets TARGET_FILE
|
||||||
Read targets from file.
|
Read targets from file.
|
||||||
|
-p PORTS, --ports PORTS
|
||||||
|
Comma separated list of ports / port ranges to scan. Specify TCP/UDP ports by prepending list with T:/U: To scan both TCP/UDP, put port(s) at start
|
||||||
|
or specify B: e.g. 53,T:21-25,80,U:123,B:123. Default: None
|
||||||
-m MAX_SCANS, --max-scans MAX_SCANS
|
-m MAX_SCANS, --max-scans MAX_SCANS
|
||||||
The maximum number of concurrent scans to run. Default: 50
|
The maximum number of concurrent scans to run. Default: 50
|
||||||
-mp MAX_PORT_SCANS, --max-port-scans MAX_PORT_SCANS
|
-mp MAX_PORT_SCANS, --max-port-scans MAX_PORT_SCANS
|
||||||
|
|
@ -155,9 +168,12 @@ positional arguments:
|
||||||
Append to the default {nmap_extra} variable in scans. Default:
|
Append to the default {nmap_extra} variable in scans. Default:
|
||||||
--disable-sanity-checks
|
--disable-sanity-checks
|
||||||
Disable sanity checks that would otherwise prevent the scans from running. Default: False
|
Disable sanity checks that would otherwise prevent the scans from running. Default: False
|
||||||
|
--disable-keyboard-control
|
||||||
|
Disables keyboard control ([s]tatus, Up, Down) if you are in SSH or Docker.
|
||||||
|
--force-services FORCE_SERVICES [FORCE_SERVICES ...]
|
||||||
|
A space separated list of services in the following style: tcp/80/http/insecure tcp/443/https/secure
|
||||||
--accessible Attempts to make AutoRecon output more accessible to screenreaders. Default: False
|
--accessible Attempts to make AutoRecon output more accessible to screenreaders. Default: False
|
||||||
-v, --verbose Enable verbose output. Repeat for more verbosity.
|
-v, --verbose Enable verbose output. Repeat for more verbosity.
|
||||||
--version Prints the AutoRecon version and exits.
|
|
||||||
-h, --help Show this help message and exit.
|
-h, --help Show this help message and exit.
|
||||||
|
|
||||||
plugin arguments:
|
plugin arguments:
|
||||||
|
|
@ -166,11 +182,13 @@ positional arguments:
|
||||||
--curl.path VALUE The path on the web server to curl. Default: /
|
--curl.path VALUE The path on the web server to curl. Default: /
|
||||||
--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}
|
--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}
|
||||||
The tool to use for directory busting. Default: feroxbuster
|
The tool to use for directory busting. Default: feroxbuster
|
||||||
--dirbuster.wordlist VALUE
|
--dirbuster.wordlist VALUE [VALUE ...]
|
||||||
The wordlist to use when directory busting. Specify the option multiple times to use multiple wordlists. Default:
|
The wordlist(s) to use when directory busting. Separate multiple wordlists with spaces. Default: ['/usr/share/seclists/Discovery/Web-
|
||||||
['/usr/share/seclists/Discovery/Web-Content/common.txt']
|
Content/common.txt']
|
||||||
--dirbuster.threads VALUE
|
--dirbuster.threads VALUE
|
||||||
The number of threads to use when directory busting. Default: 10
|
The number of threads to use when directory busting. Default: 10
|
||||||
|
--dirbuster.ext VALUE
|
||||||
|
The extensions you wish to fuzz (no dot, comma separated). Default: txt,html,php,asp,aspx,jsp
|
||||||
--onesixtyone.community-strings VALUE
|
--onesixtyone.community-strings VALUE
|
||||||
The file containing a list of community strings to try. Default: /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt
|
The file containing a list of community strings to try. Default: /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt
|
||||||
|
|
||||||
|
|
@ -182,7 +200,7 @@ positional arguments:
|
||||||
--global.password-wordlist VALUE
|
--global.password-wordlist VALUE
|
||||||
A wordlist of passwords, useful for bruteforcing. Default: /usr/share/seclists/Passwords/darkweb2017-top100.txt
|
A wordlist of passwords, useful for bruteforcing. Default: /usr/share/seclists/Passwords/darkweb2017-top100.txt
|
||||||
--global.domain VALUE
|
--global.domain VALUE
|
||||||
The domain to use (if known). Used for DNS and/or Active Directory.
|
The domain to use (if known). Used for DNS and/or Active Directory. Default: None
|
||||||
```
|
```
|
||||||
|
|
||||||
### Verbosity
|
### Verbosity
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue